Seoul releases details of how it traced last month's cyber attack to North Korea's Reconnaissance General Bureau, and alleges that the North plans a coordinated cyber and missile attack. Meanwhile, spammers exploit Korean tensions with emails announcing (falsely) the outbreak of war; the messages carry Cridex malware, which steals login credentials.
Kaspersky uncovers a long-duration attack on online gaming companies. The "Winnti" campaign shows the convergence of cybercrime and cyber espionage: the criminals stole virtual currency, source code, and, most importantly, digital certificates. The certificates were eventually sold to Chinese security services, whence they've appeared in attacks on Tibetan and Uyghur activists. The Winnti gang, operating at least since 2009, targets massively multiplayer online games.
Redpill spyware has resurfaced in India. In the US, another St. Louis area bank reports it's under cyber attack. Malaysian independent media suffer successful attacks as that country's election campaign opens. Sophos demonstrates a method of distributing malware via "read-only" Excel files.
Bitcoin-harvesting malware continues to roil trading in the math-based currency. Bitcoin's story is a curious one with many features of a classic bubble. It's attracting both a lot of smart money and a lot of denunciation (in one writer's characterization, it's a "Ponzi scheme").
Hacker News describes Skype password vulnerabilities. Ars Technica publishes a criminal consumer's guide to botnets—they're cheap and easy to use.
A post mortem on the CyberBunker-Spamhaus incident by Enisa, the EU's cyber security agency, says ISPs and DNS server operators could have blocked the attack had they followed well-established best practices.